Topic: How do I remove rootkits? Such as system modified ones of high danger?

Pondus
Quote
BTW, should I start using Firefox, since it has Noscript unlike Chrome?
support Norwegian software.....use Opera  ;D

Mo0nwalker

  • Guest
Quote
BTW, should I start using Firefox, since it has Noscript unlike Chrome?
support Norwegian software.....use Opera  ;D

 
hahahaha lol, no, seriously?  :o

polonus
Moonwalker,

Google Chrome has the NotScripts extension and that is very easy to handle. Get it here:
https://chrome.google.com/webstore/detail/odjhifogjcknibkahlpidmdajjpkkcfn

And if you want to use Opera because of what Pondus told you, it has that too:
https://addons.opera.com/addons/extensions/details/notscripts/1.1.0/?display=en

polonus
« Last Edit: June 30, 2011, 01:07:19 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Mo0nwalker

  • Guest
I used the Google one with NotScripts, and I already have Adblock and such, so am I safe?

In regards to Avast (free), MBAM (free) and the Win7 firewall too of course. Or should I try Comodo firewall?

Like, is the Windows 7 in-built firewall good or should I go further?
« Last Edit: June 30, 2011, 01:31:15 AM by Mo0nwalker »

polonus
Hi Mo0nwalker.

No, that is ample protection. Don't you know that sometimes users can have over-protection and that will work against them?
You just should apply a safe browsing habit, for instance do not go for torrents laden with questionable and possibly additional malcode, such as keygens, software without the right certification etc. etc.
You know from intuition where you can get infected, so much you already learned here.
Also read what I have posted here: http://forum.avast.com/index.php?topic=37542.msg660804#msg660804
So when you are on the path to SafeHex habits, well stay on that path, come here more often and try to help this community, a belated welcome, Mo0nwalker, to these great forums,

polonus aka Damian

Mo0nwalker

  • Guest
I see, thanks very much to all, you're always a great help and it doesn't look like I'll need to format after all! ;D

Not only is Avast just great, but the community is even better, this is what makes Avast one of, if not the very best out there because of you guys, thx and keep it up! ;D

Mo0nwalker

  • Guest
Guys, it appears that I got a rootkit (an old one) so I did a system restore to an earlier time, only to see that it got away, but that I got 5 new ones - on the 5 system restore points I created most recently! Now I'm pissed off man, 5 rootkits on my system restore points I created hoping to use as a resort against them! :(

I will post OTS and all very soon to see if essexboy can do anything! If nothing helps then I'll accept the option to format, but I'll have till Sunday because my big bro's gonna help me through the way.

But still, gotta do something about these ones first!

So yea, expect the OTS, Malwarebytes, Combofix etc logs! :)

EDIT: Never mind, it seems like Avast got them easily after a restart or so I think (I really don't know anymore)... It's really a mess, sometimes it doesn't find, other times it finds, other times it always finds and such, it's like it can't make up its mind - while Malwarebytes will never find anything at these times of all times lol. What am I supposed to do?

And if I were to format, could I JUST format drive C? As I'd like to keep drive D, which is also the drive that isn't affected.
« Last Edit: June 30, 2011, 08:09:24 AM by Mo0nwalker »

Pondus
Essexboy is notified....again  ;D

Mo0nwalker

  • Guest
Hehe sorry, I really don't get it, Avast decides when it wants to find rootkits and when it doesn't :/

And here it found an old one again, what's going on lol, damn you rootkits! :/
« Last Edit: June 30, 2011, 08:48:19 AM by Mo0nwalker »

Pondus
You may also run this:

* download aswMBR.exe and save to desktop: http://public.avast.com/~gmerek/aswMBR.exe
* click aswMBR icon to run
* click scan, then "save log" and post it here in next reply


Mo0nwalker

  • Guest
Well, here is an attachment. I don't know if the scan is even done as there is nothing that comes up as to when it finishes and such, but anyways here is the log for it in attachments.

And I don't think I'll need to re-post new OTS and such, because the situation now is that I still have the old rootkit which was the reason why I posted for help. I believe therefore that it would be pretty much the same if I would have to re-post it, but I think I will anyways and see if it can be of help soon enough.
« Last Edit: June 30, 2011, 09:15:54 AM by Mo0nwalker »

Mo0nwalker

  • Guest
Looks like while I was away when this was scanning, I was welcomed by a BSOD and the cause being this scanner lol.

polonus
Hi Mo0nwalker,

First you can do a check-up with this: http://www.resplendence.com/download/sanitySetup.exe

First make all your hidden files visible: http://www.bleepingcomputer.com/tutorials/tutorial62.html

Will be interesting to see your results with an anti-rootkit removal after having run defogger, see how to, here: http://forum.avast.com/index.php?topic=37542.msg660423#msg660423

Run this free rootkit removal tool - http://www.troublefixers.com/download-sophos-anti-rootkit-remover-to-delete-rootkits/  (after cleansing re-enable with defogger)

pol

Mo0nwalker

  • Guest
Yea, I'll do because it bugs me a bit, how Avast sometimes detects rootkits and other times doesn't, especially considering the fact that it can't take them off. Neither does Malwarebytes help much either as it can't detect anything. I don't know what Combofix really did because it doesn't stop Avast from "sometimes" detecting the rootkits either.

I'll see and report back.
 
BUT do I need to always disable Avast before I scan with these?

polonus
No, Avast won't interfere with these scans, maybe only when you use defogger to get right results,

pol